On Mon, Aug 04, 2003 at 10:17:40AM -0700, Wade Richards wrote: > On Mon, 04 Aug 2003 13:00:33 +0300, Sami Haahtinen writes: > >awstats > > It does the best job of these three, it collects just about every bit > > of data that i can think of (and more) but the way it's packaged makes > > it unusable on a default debian installation (you need to either > > compromise on security or tweak apache configuration files) > > Can you please elaborate on the problems with awstats and security? I > didn't see any open bug reports for awstats in the BTS.
The way awstats needs to be set up on a debian box causes this.. (there are no known exploits, but i'm paranoid..;) as README.Debian says, you have 2 ways of setting up awstats, _manually_ setting the script owner to adm or fixing up the apache provided logrotate script to create files that are readable by the script. This is not something i consider reasonable.. I like awstats, but i try to avoid manual tweaks on files that get overwritten (/usr/*) or might get other changes (apache logrotate script) Regards, Sami -- -< Sami Haahtinen >- -[ Notify immediately if you do not receive this message ]- -< 2209 3C53 D0FB 041C F7B1 F908 A9B6 F730 B83D 761C >- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]